UK extranet provider Cadweb says it “is the first Project Extranet to be certified to the new International Standard ISO/IEC 27001″. Its news release also says that it is “the only Project Extranet to be certified to this standard”. Wrong on both counts, Cadweb, and by over a year.
ISO/IEC 27001 concerns information security management systems, so it is the infrastructure and hosting regime that is the key issue – not the applications themselves.
BIW Technologies (my employer) deploys its services via managed hosting provider, Attenda, Europe’s first provider of Total Managed Hosting supporting complex applications developed on the Microsoft platform (and winner of the Best Managed Services Provider at the Data Centre Europe Awards last month). Attenda was one of the first UK companies to be certified against BS7799 part 2, and when this was superseded in October 2005 by ISO/IEC 27001:2005, Attenda was one of the first UK companies to be certified by BSI as compliant with the new extended standard (on 10 January 2006). With all BIW users’ interactions with the collaboration system being completely managed via Attenda’s infrastructure, this meant BIW’s collaboration platform was the first ‘extranet’ system managed on a system certified to ISO/IEC27001:2005 (see 21 February 2006 news release).
By the way, this is not the first time that Cadweb has tried to claim industry leadership on hosting. It made a similar, inaccurate claim in UK trade magazine New Civil Engineer in March 2002 – prompting BIW CEO Colin Smith to write to the editor pointing out that BIW’s hosting was also compliant with ISO17799 (see BIW news story).